Mobile operators are increasingly offering business virtual private network (VPN) services over 3G/4G wireless infrastructure. By leveraging wireless access for the last mile, operators are able to offer services for building enterprise private VPN clouds, similar to the dedicated leased-line service offered by fixed-line providers. This approach allows operators to eliminate the costs associated with a circuit on the last mile and furthermore allows them to monetize their investments in LTE access. A business VPN service allows enterprises to securely link their remote branch offices over a mobile network without the need for dedicated leased lines or the use of Internet Protocol Security (IPsec)/Secure Sockets Layer (SSL) based VPN services. An enterprise customer may purchase business VPN service in addition to a data connection for their customer premises equipment (CPE) device in a branch office. Service logic in the mobile gateway ensures that the traffic from certain International Mobile Subscriber Identities (IMSIs) is segmented and is virtual routing and forwarding (VRF)-routed to the customer's multiprotocol label switching (MPLS) network. This eliminates provisioning and service-management challenges (typically present with IPsec/SSL based VPN services) for enterprise IT and at the same time opens up new business opportunities for mobile operators.
Current solutions for enabling this service tie the service logic to the mobile gateways. However, there is significant interest from operators in having this service logic moved out of the evolved packet core (EPC) to reside in service nodes outside the packet gateway (PGW), such as in an MPLS Edge, Gi-LAN, or a partner SP offering MPLS VPN service. In addition to the requirement for moving certain business services out of the EPC, it is also desired to have some stickiness between those service functions and the EPC elements. In particular, it is desired that the business VPN service function be able to leverage the LTE service authorization, or other policy elements, and have this service as an extension to the LTE service.